The Latest in IT Security

A Tumblr of Rogues

24
Apr
2012

Rogue AVs have not really taken much attention recently probably because they are no longer boldly screaming in everyone’s faces as compared to the time when the most trending topics produce massive amounts of blackhat SEO-poisoning URLs.

So where are they lurking nowadays?

They are still using the SEO-poisoning method, of course. They would need to gain some visibility after all. But in addition to the usual compromised domains, they are now happily residing in Tumblr.

The screenshot below is taken from one of the several rogue-pushing Tumblr accounts:

tumblr2

And well, as an internet user, when we are presented with a video and a play button in the middle what do we do? We click it! Right? And the video will promptly play… well, not this time. That “video” is actually an image. So, that innocent click activates the malware and will take you to a page which redirects to an exploit page and finally to a rogue AV.

tumblr

It exploits the Java vulnerability CVE-2012-0507 and Adobe Reader vulnerabilities CVE-2008-2992, CVE-2007-5659, and CVE-2010-0188.

exploit

Successful exploitation currently leads to a rogueware called Windows Performance Adviser.

windows_performance_adviser

So? tip of the day? If those wonderful videos are not on a trusted domain? don’t click them?. But? but? Just don’t. 😉

Safe surfing!

Leave a reply


Categories

THURSDAY, AUGUST 22, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks